RSS

How-To Geek

In Windows 7 or Vista, the screen goes dark when the User Account Control window comes up, which is extremely annoying. They call it the “Secure Desktop”, but I think it’s obnoxious.

Note that this will make your system less secure before proceeding.

Windows 7 Makes it Easy

If you are running Windows 7, you can simply head into the UAC settings in Control Panel (or type UAC into the search box), and drag the slider down until you see “Do not dim the desktop”.

That’s all there is to it!

Windows Vista Business/Ultimate Users

To get to the configuration screen for this, type in security to the start menu search box. You should see the Local Security Policy as the top search item.

In the Local Security Policy window, browse down to Local Policies \ Security Options

Over in the right hand part of the window, scroll down near the bottom and find the item titled “User Account Control: Switch to the secure desktop when prompting for elevation”. Double-click on it to open it up, then change it to disabled:

At this point Secure Desktop should be disabled.

Windows Vista Home Users

For Windows Home users, you will need to open up regedit via the start menu search box. Browse down to this registry key:

Right-click in the right-hand pane and create a new 32-bit DWORD value called PromptOnSecureDesktop, setting the value to 0.

Downloadable Registry Tweak
Just download, extract, and double-click on the DisableSecureDesktop.reg file to enter the information into the registry. There’s also an included EnableSecureDesktop.reg file to put things back to the way they were.

You can see by the large number of comments that this article is controversial. It’s true, disabling security features will always make your system less secure, and you should strongly consider the consequences before you make any change like this.

Comments (128)

It is called that way for a reason. While a window is on the secure desktop, applications cannot interfere with it. With the secure desktop turned off, they can (and for instance a piece of malware could send an event to the window, making it believe the “Continue” button was clicked by you when it really shouldn’t have).

I have Outlook 2002 and went over the maximum data storage amount. This closed that .pst file and now I can not run scan.pst to fix or WORSE can not merge it into Outlook 2007 due to error. If anyone could help me unlock all my e-mail, repair the error and then merge it into my new outlook 2007 I’d be so grateful. Plus is there anyway to increase automatically the Outlook box size so this never happens again?

“Note: This does make your system slightly less secure, so be warned.”

Be clear to your readers. What this does is make it so the UAC dialog can be interfered with (accepted without your knwoledge) by another application, including a malicious one that triggered UAC by needing Administrator-level rights.

This is not accurate. The blacked-out screen is called a secure desktop. Other applications or processes can’t send anything to the UAC prompt when it’s in secure desktop mode. If you disable secure desktop, you are vulnerable to anything that wants to send an “invoke continue button” to the UAC dialog.

Please do NOT do this! This is not just disabling the cosmetic black screen. Windows allows one program to send messages to another. Secure desktop temporarily prevents these messages from going through. If you disable it, then virus and malware can send a “click” message to the secure prompt dialog, which basically means they can do the honor of clicking OK for you. In other words, this is as good as turning off your security altogether.

Sure it makes it less secure. However, anyone who actually does this probably isnt a novice. Most likely power users will shut this off as it is freaking annoying and I have complete control over what comes into this machine and leaves it. So as the others say dont do this ‘patch’ unless you know what you are doing already!

Adam:
Ah, but turning UAC of is not the same, as it prevents you from doing some things (try installing the latest acrobat reader without UAC).
The black screen is horrible, distracting and uncomfortable, MS should find a better way to do this. In the mean while the likes of me that don’t get malware installed (usually) are just plain irritated by this screen, so,
GEEK: thank you.

You’ve GOT to be kidding. You want to make your computer less secure because you don’t like the visual effects associated with it? And not only that, you’re telling OTHER people to compromise their own security just for the visual effect.

When windows displays a security dialog, it places the dialog on a separate desktop so that programs can’t take control of your computer away from you. When a new desktop shows up, the old desktop is greyed out to show you that it’s inactive. THAT’s why the screen goes dark.

What you’re suggesting is putting security-related windows on the standard desktop, which means that any program running on your computer can assume administrative rights without your intervention.

You call this screen blanking event a “visual effect?!” Surely you are joking. If the way you describe it is accurate, why don’t they use the Aero interface to smoothly grey out the screen? THEN I might consider it a “visual effect.” If they want to get _really_ slick, they should blur the current background and present the Secure Desktop on top of the blurred general desktop. I don’t think that is what is happening though.

It seems to me more as though they are changing the mode of the graphics driver. Sometimes when I have the Secure Desktop switch, I get a notification bubble suggesting that the graphics driver has stopped working, but has recovered.

I actually am pretty annoyed by this whole Secure Desktop blank screen issue, and hope the MS team can find a more elegant solution soon.

“The “UAC” mode in linux is much simpler, especially in Ubuntu. You are only prompted for your password the first time you try to make a system change, and then it doesn’t ask you again for a few minutes, as opposed to every single administrative function you click in Windows Vista.”

This is incorrect. Vista does carry _root sessions. I’ve witnessed this many times were I was able to make an administrative action (which triggered UAC), then make subsequent actions 9which otherwise would trigger UAC) without re-triggering UAC.

The UAC mode does not “save” in Vista. What is happening is that the application that you first ran in admin mode is launching the other applications, which will then run in admin mode as well, because they are being opened by that process.

If you were to go to a completely different screen, you would still be prompted.

I noticed that when you log in to Vista remotely (with RDP), the UAC prompts open in the secure desktop as normal, but WITHOUT taking a screenshot of your desktop.

Obviously this helps speed things up over the network connection, but it also effectively removes the “flashing black screen”, since the whole snapshot piece is removed from the equation.

So my question is… how do we turn of the “snapshot” “feature” and just make it use regular secure desktop (with no background)? This would keep security tight, but help to remove the infuriating flickering…

What Richiepoo said is spot on. If they did what he said below I would be so much happier

“why don’t they use the Aero interface to smoothly grey out the screen? THEN I might consider it a “visual effect.” If they want to get _really_ slick, they should blur the current background and present the Secure Desktop on top of the blurred general desktop.”

I want the UAC Secure Desktop prompt, but without the screen darkening! The prompt “Windows requires your permission to continue” is OK. I can live with that. But I can’t stand the dark background. It is intolerable. Why?

When I dismiss the prompt quickly, what I have to endure is a violent flash from the screen as its brightness plunges briefly and then brightens up again. It messes with my eyes because the sudden brightness change it makes my pupils dilate and then shrink again. It is like a strobe light in reverse and it is horrible. It gives me a headache. Even if I close my eyes the brightness change is still bothersome. Please, there must be a way to keep the UAC prompt and its functionality but stop it from messing with the screen.

I think what I’m reading is that the blacking out of the screen isn’t the issue, and even the UAC dialog being in Aero Basic isn’t the issue, but the “flashing” or “3-5 second delay” or “flickering” is the issue.

I think the issue then is that you need a newer graphics card or newer drivers.

I don’t have any of those issues on my laptop, it’s pretty much instant.

Yes Kearns, this damn flickering is the issue. But what I don’t understand is why this happen only in secure desktop or (in my case) windows logon. I have the Mobile IntelÂ® 945GM Express Chipset with the lastest drivers (ver 15.4.3, date 6/6/07).

I just thought I would add my two penneth worth, I agree that if it is not able to be hacked, we wish, it is a good idea but I dislike the way that vista does the UAC, it is slow and annoying. It is a good security measure destroyed by a corporate idea that you need to have more security and lets make it obvious, I wonder how many MS engineers leave it on.

Why can’t I run some of my programs bypassing the check using the user id I choose (sudo). If I donâ€™t want security in some programs then that is my choice. Thanks for this hack it is less annoying than disabling the UAC and getting the security warning.

I’m not an expert and I don’t really understand computers. All I can say is that the rubbish that Vista is doing will result in LESS security because it is SO annoying that the average person will probably not want it. Vista takes AGES to do anything and the black screen is ridiculous. If I want to delete a bloody shortcut on the start up menu it comes up. I have to turn off my firewall because it wont let me download music LEGALLY through itunes. The protected internet won’t let me watch BBC Question Time online!! It is STUPID!! And (worst) if any web pages run slightly slow (which some do because of stupid vista) it closes them ALL – HOW DO I STOP THIS HAPPENING??? Serious question – everything on my comp is backed up (and most is on email) so who cares if my computer is hacked? How can it possibly be more hassle than dealing with well meaning security features?

If people want to change the way Vista works, they should be able too. This is what makes open source software so great if you want to remove,modify something you should be able too. Not go with what the author of the program thinks is what the user needs/wants. Nothing is 100% secure and never will be. Having a program prompt you 3-4 times is not my idea of secure, if i open up group policy, then open up another program which requires admin privs UAC should remember it, also Linux allows one to bypass the password prompt when using sudo, which many could say is a security issue why, if someone hacks my user account gets auto root access. It’s the same with UAC it’s the admin’s issue to disable it or not.

The problem I had with this is that when it comes up OUT of the secure desktop mode it does not restore the graphics display driver settings correctly. Thus if you are in extended screen mode it forgets about the second screen. Or if you have a the screen rotated 90 degrees from the default (I have a convertible tablet) it forgets that. The blinking of the screen is annoying, but not worth turning off the security. The fact that it doesn’t restore to the previous state is a bug, and should be fixed.

Oh dear oh dear….
All i hear is a bunch of cry babies..
“oohhh it makes your systems vulnerable to attacks!”
“Applications can force a ‘continue’ on the ‘secure desktop'”
“Your wrong!..your wrong! It’s not a visual effect!”

“makes your system vulnerable to attacks”
Of course it does…
So does not installing anti-virus software…so does not turning on your firewall…so does not using some malware protection software…
Whats the big deal about UAC then? If it’s such a ‘necessity’ then why does it even give you the option of switching it off in control panel? The same reason it’s optional to install and use anti-virus/malware/firewall software….OPTIONAL
Heres a scenario for you, you want to drive to the shop…how:
Put key in car door, unlock the car, switch on ignition…perform usual tasks to drive

Now heres the same scenarion with UAC
Put key in car door, answer the car back by saying i am the boss let me put the key in now, car hesitates asks you one more time while the lights go out, tell it your the boss again, car hesitates lights go on key goes in the door.
Unlock door, answer the car back by saying you are the boss open the god damn door, car hesitates asks you one more time while the lights go out, (damn those lights gotta change the bulb, i’ll get one at the shop whenever the hell i get there), tell it one more time you are the boss, car hesitates lights go on door unlocks.
Switch on ignition…

you get the picture…it adds further steps to the simplest tasks.

“Applications can force a ‘continue’ on the ‘secure desktop'”
That is also very true…but again, whats the problem? Any application that requires confirmation from the ‘secure desktop’ is obviously already on the machine, or wants on your machine…Any application that is already on my machine has been put there by windows or myself, i know this because i am an experienced windows user who takes a lot of care with my system. I am also at peace of mind that my anti-virus/malware/firewall software will pick up any unwanted .dll, or the like, registering on my computer.So any application that needs my confirmation for something will be one that i have installed for a reason…
Reply back with…yeah but anti-virus/malware software etc etc doesn’t always work you might still get a virus that does something and because UAC is off your not protected…blah blah…No..i have never once had a virus that i did not put on my computer voluntarily, meaning i downloaded a bad zip etc and got infected…those were the days when i didn’t bother with antivirus software…i do now and i have never had a virus on my machine since. They have always been stoppedbefore they were put on.

“Your wrong!..your wrong! It’s not a visual effect!”
I dont care…it flashes the screen black then transparent black, then flashes black when it returns to normal…it almost feels like a gunshot going off…BOOOOM!! CONTINUE!! BOOOOM!! Thats enough a visual effect as it needs to be…

My last comments…
I just want to finally say that it really is a pain in the ass…People who have been using computers for years…(i would hope) know how to keep their computer neat and tidy…and secure. They know that when they go into ‘Program Files’ and Create a new folder…they really do just want to create a folder, no hassle…with UAC…everytime you create a folder it’s an episode, Yes i do want to create the folder….’you sure?’ god damn…yes…’okay theres your folder’…fine but whats the folder called? ‘New Folder’ well thats bullshit, i need to change the name…popup…’you sure? God damn! Thats the point when it should stop…but no…one more, just for fun.
So how many popups to create a folder you want? 4………what an ass

“You call this screen blanking event a “visual effect?!” Surely you are joking. If the way you describe it is accurate, why don’t they use the Aero interface to smoothly grey out the screen? THEN I might consider it a “visual effect.” If they want to get _really_ slick, they should blur the current background and present the Secure Desktop on top of the blurred general desktop. I don’t think that is what is happening though.

It seems to me more as though they are changing the mode of the graphics driver. Sometimes when I have the Secure Desktop switch, I get a notification bubble suggesting that the graphics driver has stopped working, but has recovered.

I actually am pretty annoyed by this whole Secure Desktop blank screen issue, and hope the MS team can find a more elegant solution soon. ”

Graphics driver errors popping up too?….and your not going to disable UAC??
man your way more patient that i am…UAC is clearly a bigger ass to you that it is to me.

It has been said earlier on in the comments that the Gksu and Kdesu dialogs in Linux can be “smashed” by malicious programs. This is completely false. One, the gksu and kdesu dialogs require your password. Secondly, I know for a fact that gksu will warn you if another program seems to have control over the keyboard or mouse (on a slow enough computer, if you launch a program with gksu and then focus a terminal window at exactly the right moment, you can generate a false alarm).

See the manual page for gksu for more information on how to temporarily disable the keyboard and mouse locking warning.

No offense but, turning off the secure desktop prompt isn’t turning off UAC. All the user permissions and virtualization still take place, so it’s still hard to mess things up or, God forbid, get “h@cked”.

Anyways it doesnt’ matter how many “security” measures you put into place, how secure your computer is depends 100% on the end-user. The end users that really f*ck their computers up doing things that no one with common sense would do will still manage to mess a system up. MS is trying to babysit for regular users(which is really hard but you can’t blame them for trying), but lets power users control their environment, such as turning off secure desktop prompting, amongst other things.

You want proof? I’ve run my home systems with just my basic firewall on my lynksys home router, no windows firewall, no antivirus on my main windows account(AVG Home run for some of my accounts) and I’ve used this comptuer for regular web browsing, gaming, email etc. It’s runs amazing because it’s not being killed by 100 processes that get installed everytime i download stuff. Don’t go to p0rn warez sites, don’t use peer to peer software and gambling sites. I never have had a problem, and I’ve had this setup for over 3 years.

Just scan what you don’t trust, don’t install what you don’t know, clean up your startup(regiustry included) once in a while, spyware scan once in a while… companies make money on publishing fear and hack stories, which result is your computer run at half performance, but your no safer.
.

The easiest thing would have been to to be able to put a checkmark on the program the first time you run/install it to either giving it permission or NOT. It ticks me off that certain programs (because they are non-MSFT) have to get permission EVERY time you run it due to UAC

I cannot believe the people on here who are apologizing for Microsoft for this one. I just got my first Vista computer yesterday and I am already at the breaking point… there are SIX (count ‘em, SIX) confirmations required to create & rename a new folder in Program Files and copy a program into the new folder.

Dear Microsoft: If you make your security measures annoying and hard to live with, people will just turn them off. It’s like an automatically locking door that keeps locking people out. Pretty soon somebody is going to stick a piece of wood in the door and prop it open… and there goes your security! If you want people to adopt a security measure, it can’t be annoying!!

…and don’t even get me STARTED on the Office 2007 UI… hfkaw;lgbnaws.xbnas.nasf… Why am I still dealing with Microsoft stupidity in 2008?!?!

Thank you for this page!
The thing about this is the simple fact that MS chose the black screen effect (an effect of my hardware to handle this malware protection) instead of just addressing the malware protection otherwise and quit being hard on my eyes and hardware. I like Vista but MS needs to learn from Sysinternals about how they could make the UAC worth using for their clients. The UAC is a very complex system to understand for the regular user, but completely user unfriendly. It is all or nothing and no choices for the user or administrator to set things specifically for their chosen applications. No one needs prompted 2 to 3 times from an icon they clicked on their desktop multiple times a day. Basic freshman or High School Psychology knows repetition is something humans hate, let alone repeating themselves. We built PC’s to handle these repetitive tasks for us, not to feed them back to ourselves!

Thank you very, very much for posting this article, it helped a lot of people, including my brother. He sends his regards. :)

And in response to the people who wet themselves at the thought of disabling the UAC, well, it shouldn’t be the only protection you’ve got on your computer in the first place. But, you know, God forbid you don’t have ten confirmation requests every time you want to open a folder! Turn UAC back on this very instant~*~*~!

The problem with the UAC black screen is worse when watching videos or something within Windows media centre – it stops the playback during and for a few second after the UAC prompt – very annoying if you miss something important! Great article for people who use applications that trigger then UAC!

Thank you for this . Heres why I had to do it .
I use a Wacom tablet and also run ZoneAlarm .
Anything that prompted this from ZoneAlarm or whatever meant
my tablet would not work on my laptop. I would then have to go to
my mousepad on the laptop which I hate using and click continue.

The last time I had to deal with this was after running regedit and then not being
able to use my tablet to say OK to get to the registry. Now after adding the 0 for the
value and closing I quickly went back to check out going to regedit and voila , I could say
yes to it with the tablet . Thanks. what a headache that was becoming.

Interesting debate over this, but I’m with the ‘power user’ approach to this.

I too have had a home desktop for about 3 years now. I’ve never reformatted (i know I prolly should), never had a firewall on it, had it through Uni – so it’s been on some dodgy networks and leeched connections in it’s time. I do run Spybot and AdAware every couple of months or so and it always manages to find something (I’m thinking it’s thanks to facebook personally) – but nothing really bad. I have NEVER had a virus play havok on any machine I’ve owned (had one or two thanks to bad downloads but AVG vaulted them before I knew the download had finished), and I’ve always operated under the same general system setup.

If you’re the type of person that when your computer plays up grabs the phone and calls your child/colleague/parent/neighbour then please god leave this thing switched on! If on the other hand you can generally fix your machine whatever comes accross – be that with prior knowledge or an understanding of the power of google, then switch this off if you want to reduce your daily click count and save your mouse from dying earlier than it should.

Those who have the power and the confidence: Save a mouse, turn off UAC

The problem with the UAC black screen can be turned off separately without turning UAC off.
Now it does not disturb my DVB Tuner (TV) – Big releif! The blackening out really bugged me.

It is done under “adminstrative tools” (Ultimate)
– “Local security policies”
– “security options”
– “User Account Control: Switch to the secure desktop when prompting for elevation” set ‘disable’
(it is near the bottom)

This can be done in registry for Vista home
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]

Right-click in the right-hand pane and create a new 32-bit DWORD value called PromptOnSecureDesktop, setting the value to 0.

To those who complains that UAC appears when creating a folder in Program Files, I want to ask, WHAT ARE YOU DOING? UAC prompts when doing just that is common. Program Files is not where you put your files, that where your Documents is for. If you have your own executables, put them on the Application Data folder under your Users directory (the way utorrent correctly did). You have no reason to manually put files of any kind in Program Files. Misusing that folder and then blame UAC for doing its job is moronic and show how n00b you can be.

I was using Vista for a while and got so very pissed off at this UAC thing that I was about to throw Vista out untill I encountered your post.
Thanks a bunch for this tip, it makes my Vista experience so much better.

I just got a new laptop with Vista on it–I’ve been fortunate that my older desktop has XP Pro on it instead–and in one week, the UAC has driven me completely insane.

I’ve worked on computers for over 20 years, a couple of years as a techie, and this feature in Vista has filled me with rage! I wanted to go in and examine some files in documents and settings–I never use that directory for downloads, as it’s simpler to create a top level directory for that, and it denied me access. That’s when I realized that more and more PCs are being dumbed down in an effort to take some of the market away from Mac, where techno ability is not mandatory, nor even encouraged.

After 20+ years of working with PCs, downloading plenty of shareware, freeware, demos and other things, installing hard drives, mobos, sound cards, and everything else under the sun, I have never had a serious contagion, nor lost the contents of a hard drive. Indeed, I am frankly surprised at how cowed some people are when it comes to learning a thing or two about a machine which has become so necessary in their lives, and for which they should have at the very least, a working knowledge in case of an emergency of some sort.

Perhaps I’m just old school in this respect, but a feature that makes it nigh impossible for me to be in charge of my own PC needs to be either eliminated or made irrelevant.

mark,
your advice did save my nerves and in consequence also my laptop; it did not have to land on the yard underneath my window. It wasn’t so much the blackout screen. When the machine was new darkness was over in a second. But now when many files and programs have been installed the screen first blackens for 20 seconds, then I get the prompter to permit the task, and then the second half of the night commences. After I put that 0 into the registry I still get the said permission prompter, but it takes only fractions of a second to land on the workshop floor.
What was the system doing in the dark? Did it have to do whatever it did time and time again?
Machines never seem to learn.
HG

I used the downloadable tweak for my Home Premium version and it worked swimmingly! Just a note to say I love you, ’cause now my computer doesn’t twitch and freak out anytime it asks me for permission to do basically anything under the sun. (:

To all who bring up security issues I ask, why would anyone write malware to target this small vulnerability enabled by probably less than 1 percent of vista users? I’m thinking security through obscurity here…

Hello. I have a related problem. lately, my UAC has been taking its sweet time to load for certain apps. I think it gets stuck because the only way I can force it to appear is to start up another program which requires UAC (in a crude Push/Pop sort of manner). Can you explain what is going on?

I have UAC enabled, and still got a virus. Someone gave me a patch for a program, to update it. And guess what, a patch altering files in program files, requires elevation. So i hit allow, and then it infected my pc. Great protection… really… Thats so great i almost pizzed myself laughing when i saw a virus tare up my pc.

UAC doesn’t really protect the majority of people because the majority of people dont have a clue if they should hit continue or cancel. I’ve seen this over and over again, most will just click Continue.. One of the comments of web development is it takes three clicks before user will think and most users dont want to think.

I want to turn off UAC but I cant because I need the protection. Even with virus protection, spyware protection, etc on my computers its amazing I still need UAC. I probably have half a gig of ram and 10% of my processing power used up by the security programs currently loaded. What a joke. Why not just build a more secure operating system platform that doesnt have so many loose ends in the code and has more use of digital certificates that a user can grant or deny.

For anyone using this tweak, I would suggest requiring a password on the elevation prompt so that it would not be possible for an external program to click through on it. There are a couple of ways to do this.

The easiest method is to simply use a standard user regularly instead of an administrative user and have the administrative user passworded.

The other method also requires having your administrative user passworded, but will make it prompt for a password even when you are directly logged into that user, rather than just giving the continue or cancel buttons. To enable this on Vista Business or higher, it is one of the UAC-related settings in the Local Security Policy snapin for MMC. For the others, there is a registry setting somewhere that can be changed for the same effect.

One side effect of this is that Vista no longer has to do any randomization of the layout to help prevent the button from being clicked, as a password is needed and not just a simple click. This means that the elevation prompt’s layout is now completely consistent whenever it is shown. It also means no more reaching for the mouse to click continue; just password, enter. :)

1: What microsoft is symply doing is allowing the user to get more envolved in their own security. With out any prompts you are less likly to be active in preventing potential threats; UAC also gives some info so the user can research the cause for such activites. UAC stops automatic inffection but cannot protect from some moron manually enffecting their PC. Responsabliy is now in the user’s hands.

2: If you dont want to be alerted to something trying to take control of your PC and think that microsoft should do something to better protect the os then the solution is to stop all 3rd party developement.

“I just want to finally say that it really is a pain in the assâ€¦People who have been using computers for yearsâ€¦(i would hope) know how to keep their computer neat and tidyâ€¦and secure. They know that when they go into ‘Program Files’ and Create a new folderâ€¦they really do just want to create a folder, no hassleâ€¦with UACâ€¦everytime you create a folder it’s an episode, Yes i do want to create the folderâ€¦.’you sure?’ god damnâ€¦yesâ€¦’okay theres your folder’â€¦fine but whats the folder called? ‘New Folder’ well thats bullshit, i need to change the nameâ€¦popupâ€¦’you sure? God damn! Thats the point when it should stopâ€¦but noâ€¦one more, just for fun.
So how many popups to create a folder you want? 4â€¦â€¦â€¦what an ass”

if i clicked create new folder i’m pretty sure i wanted to do that and that i wanted to give it a name other than ‘new folder’ and if i’m installing new software as i did when i first installed vista, holy crap that UAC must’ve popped up like 30 times an hour. needless to say i disabled it.

funny, i haven’t gotten hacked or scammed or spammed or ANYthing in the last 6 months i’ve had it off. wierd, cuz, like, before, i was getting hacked, like, all the time. :o whatever.

if it’s on my computer it’s because i put it there, and i’m fairly certain my computer isn’t trying to hack itself.

You’ve got it all wrong. It is not asking if you really want to do that action; it is asking if you want to allow the program to have full access rights to be able to do it. Also, having an option to remember that you have given the program permission to have full access would be a serious security risk, in my opinion. Ever heard of an Explorer shell extension? They run inside Windows Explorer and would have access to anything Explorer can access, even if it was a malicious shell extension.

As far as elevation prompts when creating new folders, that is because you are creating a folder in a place where only administrators are allowed to write. If you create a folder in a place where you already have access, there is no prompt. Also, as of SP1, there is only one elevation prompt for creating a new folder in one of those locations and giving it a name, provided you have not clicked away from the renaming box before giving it the name you want.

If you often work with the locations where only administrators have write access, there is a way to use “Run as administrator” for an explorer window. First you have to enable “Launch folder windows in a separate process” under the View tab in Folder Options. Then with no folder windows open, right-click a Windows Explorer shortcut (one is available under All Programs -> Accessories). Not having any explorer windows open is important, because it will only run one additional explorer.exe process and no more.

By the way, if you go to any other popular operating system (GNU/Linux and Mac OSX, for example), you will see basically the same kinds of systems in place like Windows Vista’s elevation prompt and needing to run a program as an administrator (or root) to change anything that affects other users, like locations where programs are installed and changing various system settings, etc. This is not going away any time soon.

Trojans still find a way around it without an “Elevated” prompt. Browser hijacking still occurs. Nothing should ever be able to write to the system32 directory. They need a better solution to handle developers needs. While more difficult, it is still just as vulnerable. Computers were designed to handle repetitive tasks, not feed them back to the user, which is still what is happening for programs that have ran for months without any malicious activity.

I can’t even believe that there are proponents to the “Secure Desktop” at all!

When I first got my tablet, UAC was fine, and a small flash was no bother, but then what? I updated my graphics card driver, and now it takes almost TEN SECONDS to pop up the UAC dialog, another ten to re-render the normal desktop when I’m done. It’s ridiculous. MS could have stopped inter-window communications between UAC and other programs without effecting the display.

I would rather not roll back my driver, since general graphics performance has improved. Don’t even say it’s because you’re running a lot of processes; it’s not, it’s because of the new driver. And seeing that it’s a tablet, I won’t be replacing the graphics card anytime soon. So, for someone in my position, disabling “secure desktop” would be feasible.

I can deal with the dialog, but adding 20 seconds to the launch time for a program is ridiculous! Count me out.

Bryan, you say that there is no reason to make a new folder inside of “Program Files”, but this is not true. There are plenty of good programs (mplayer, for example) that don’t come with an installer, and I would rather have them in “Program Files” than “Application Data”.

The black/blank screen (a most ANNOYING feature) is probably unnecessary. A quick flash or flicker is tolerable, but not this many seconds of black/blank screen.

They probably can EASILY do away with the black/blank screen and still have the secure feature. But then you would not be reminded that they provide a special feature to “secure” you, and they want you to remember at all times that they “created the universe” – lol. Despite all their wealth and power, they still have the basic human need – i.e. a craving to be recognized and to be fully credited for work done (even if it means annoying you a bit).

id also like to mention for the record some of us have to disable this due to it causing problems with DirectX applications such as games, locking them out of the cpu for any duration of time usually causes an immediate crash in said games

I am really amazed at the insight people have about UAC.
Let me tell you what UAC is also about.
It is also about blocking people from being able to install programs that Microsoft refuses to provide signed drivers for.
This way, Microsoft dictates to the end user by disallowing use of programs by deeming them threats or incompatable.
This also causes software manufacturers to make new versions of thier software because Microsoft will not allow what they already have to be backwards compatable.
This also causes pc peripheral manufacturers to do away with models that end users have found reliable.
In the present economy, this is just inexcuseable on the part of Microsoft.
If you hate UAC, wait until you try and use compatability with 7, it gets even worse.
I will give you a prime example of what I am talking about.
With UAC turned on in Vista, and because of Microsoft using it’s own device installers…supposedly for our protection…many printers will no longer properly install because Vista does not recognize the manufacturers install program, and in many cases, will not even allow the printer driver to be installed by the end user.
Not only that, many USB connected printers in Vista are not automatically detected and you have to teach Vista that the driver should be run from the USB port.
I have been working on pcs for a long time, and I do not know a lot of end-users who would figure this out on thier own, and Microsoft is very unclear on solving these types of issues.
Microsoft has lready said that the next OS, 7, will be almost completely incompatable with any backward compatabilty.
This is a control issue and a monopolistic one.
You might argue with me and say, just turn UAC off, install the program and turn it back on.
Well guess what?
OS freeze and lockup.
Microsoft may think it’s OS is slow and outdated and you need a new one, so if you do not like it and find it unuseable, they will blame it on an old driver or the end user.
Hey, if it is an old driver, why isn’t Microsoft spending some of their gobs of money signing new ones so that more of what the end user has paid thier hard earned doughraymee for continues to be viable in the new OS.
Wake up peeps.

UAC has nothing to do with only allowing signed drivers. Also, signed drivers does not mean they have to be WHQL tested drivers. As far as printer drivers, it has nothing to do with the installers. The older printer drivers themselves aren’t compatible. It is possible there may be some cases where Vista refuses to let the installer run, because it is a known incompatible driver that causes problems if it is installed in Vista (there are cases where that can happen, as far as I know, and not just with printer drivers).

I’m unsure how the signing mechanism works exactly, but I seem to recall reading somewhere that the hardware manufacturers are able to sign the drivers themselves (though Microsoft probably provided to them the means to do so), so that’s not the issue for older hardware not having an available driver.

Guys before all of you start with annoying spamming think on that:
Ist there anyone that can solve this issue without disable secure screen? Dont think so… So stop crying that it makes the system unsecure! What is the chance of u to get a malware that clicks on UAC ok button and destroy it all? Xp doesnt even have uac… And its still way nice as SO…
Am i right?

I am sure it’s in there somewhere. But there are even more UAC settings in Win7 and the key I am looking for does not have the same name as in Vista. So anybody who knows the exact key to modify to remove blackout during elevation please let me know.

If you want to specifically just disable that feature, you can also just follow the instructions in the article. It hasn’t changed in Windows 7. Since the beta is Windows 7 Ultimate, you have access to gpedit.msc

The bug is in the video drivers as I tested myself. With newer video drivers and some old chipset the screen goes black for 2-3 or more secs at UAC.
It’s a video drivers’ bug that nVidia should fix, not in Vista.

I wasn’t telling you to disable the prompt. I mentioned that article because that has the location of the setting you are looking for. Instead of “Prompt for consent on secure desktop” or “Prompt for credentials on secure desktop”, select just “Prompt for consent” or “Prompt for credentials”

Look at the linked article I mentioned in my above post to find the location of the setting. Just follow those instructions there, but instead pick one of the options I mentioned.

“If people have slow UAC pop-up with a boring 2-3 secs black screen before and after the UAC itself, should know that it’s a bug with nVidia newer drivers (with old chipsets) indeed, not in Vista/Win7.
There is also an open thread in nVidia forums: http://forums.nvidia.com/index…..ce+go+6100

nVidia should really fix this.”

Unfortunately, nVidia doesn’t appear to show much interest in fixing this issue. I had the same problem, rolling back the driver to a slightly older version did the trick.

Thank you shadowfare. I found what you mentioned and it appears to have the design to do what I am hoping to do. But, it may be a bug in my Beta copy because when I change the settings it continues to black out the screen even after changing the settings and rebooting. I will attempt the change again when the RC comes out.

I am not an administrator, but my dad says i can have his old laptop, which runs Vista Home Premium. Trouble is, he’s forgotten the admin password. I try to use the command prompt, but stupid bloody “System error 5,
Access is Denied” comes up.

Blacking-out the screen every time when UAC pops up is a very bad practice from ergonomical aspects.
I find the blacking-out very annoying, somehow it irritates my eyes and braines.

Microsoft should come up with a fix/option where one can choose not to back-out the screen for UAC popups, and at the same time keep all security in place.

The greatest risk in not providing such a feature is that people turn UAC of, either partially or completely.
I am sure that the aim of UAC was to make the computer more secure.
Practice has shown that people don’t like and get annoyed by the blacking-out.

Microsoft should take responsibility and provide a feature to fix this.

My UAC prompt takes c. 0.5 seconds to load, appears over a faded (not blacked out) screen, doesn’t flash and is non repetitive – ie, I can create a new folder in Programs with one prompt (not 4 as one poster said he needed).

So maybe it depends on the system. Mine is Vista Business on a Dell 1501 notebook.

I think what it boils down to is that UAC’s elevated prompts are a good idea for many users, the Secure Desktop for these prompts is a great idea… but poorly executed. The “Secure Desktop” idea really doesn’t warrant the fanfare that MS gave it. Since when does stopping the entire computer just to change resolutions and generate a secondary desktop on which to display a single prompt seem like a good idea? The secure prompt could have been just as easily handled on the existing desktop without a resolution change by suspending other processes while the secure prompt is in focus, giving the secure prompt window a distinct appearance to let the user know, a different frame or color, for instance. The Secure Desktop is basically a 100 dollar solution when a 10 dollar one would have sufficed.

Since writing the above, I have installed the Norton UAC Tool, which allows you to remember settings. So far so good – over a few weeks will reduce your UAC prompts to close to zero. The big benefit of this for most users is that you can then focus more on each one, rather than just clicking it off.

I don’t care if it makes it less secure or not the fact is it’s ANNOYING. I’m not talking about the blacking out the screen part I’m talking about it second guessing your every decision. Just work already, damnit!

I think the best way to deal with this is to enable prompt for admin password on each UAC prompt while setting the secure desktop disabled. This is the same with Linux’s root prompt for password without blurring the background. I’ve enabled this in my system and I never encounter any malware issues since 2006. I only recommend this for those who knows how to administer their own system.

The only real way to get rid of that annoying black screen that shows up at login is to disable any application running at startup with a shield. Meaning, if there is any application that needs administrator rights to start, should not run at startup. This way you donÂ´t even have to disable UAC.

UAC is a nightmare. I always turn it off. I turn off all security, anti-virus, firewall, etc. All these “features” designed to protect your computer from malware are themselves a form of malware, slowing your computer down drastically and making installations a pain in the neck. These cures are worse than the disease in my opinion. Instead of trying to protect myself behind layers of annoying security, I just back everything up and reformat once a year.

What’s terrifically annoying is not UAC blacking out the screen, it’s all this fuss about it. If you don’t like it, you change it. But labeling it as annoying is just an invitation to other people to make their systems insecure. Try writing with more responsibility.

and for all you people who’ve never clicked “no”, I’ve clicked “no”. Like when a website wants to install something that I didn’t ask for. It’s happened a few times. So I know UAC has done good. I like it. At least I know that I’m the only one who can make changes to my machine. I also have it set to prompt for credentials. But since I type my password at ninety miles an hour, it really doesn’t bother me.

Well for me UAC in Windows 7 gived a lot of problems, blue screens and computer was begining to restart with no reason, problems with the video driver when i was playing a game and finished, i just exit to desktop and bang here is your blue screen, scanned to see if its a virus or something and my antivirus didn’t found nothing, then i gived up and switched to Windows Vista, this time the computer was working normally but i was annoyed because of the UAC, sometimes it just didn’t pop up, it just sit in the taskbar blinking there, it was so stupid and because of that i turned it off. I just feel at ease with Comodo Internet Security and Mallwarebytes, 2 security programs that i can call indeed security especially Mallwarebytes with protection enabled. I suspect UAC in Windows 7 because the blue screens were from various stupid reasons like the system somehow interfered with the hardware, most frequently with my ATI HD 4550 video card, or interfered with the operation of pagefile somehow. And so manny write on the internet Windows 7 is the best, well it didn’t impressed me much because Vista is more stable now with SP2. It seems Micro$$oft only cares about our $$$.

If you have a good Antivirus and Firewall, and a program like PeerGuardian or PeerBlock, why in the hell would you be worried by turning this off. You probably don’t know s**t about computers if you think your computer is vulnerable with the blackout disabled. I get the same firewall and antivurs popups from Comodo IS so I could give a crap about this blackout feature that causes the computer to lag and slowdown once it comes up. No thanks, I don’t need OS cosmetic embedded wannabe security features, I’ll take my better 3rd party software over Windows 7 OS security anyday. For the people that are bi*ching about making yourself more vulnerable, please stop using pc’s, maybe the simplicity of a mac-tard is what you need.

This is driving me mad, I have changed to the notch as suggested for Windows 7 but every time i get the UAC pop up my resolution changes. I am going through win 7 home 64bit desktop -> Onkyo 807 -> Optoma HD200x. Every time the box pops up the screen goes blank and the receiver searches for source for 3/4 seconds and then back to windows. Very frustrating.

Has anyone (those that say they need UAC desktop security) checked their Event Viewer after such an episode? You should.. just to see the error messages it creates.

Um.. I just got a new computer from Dell (set it up Tuesday)… I know, I went through the local guy build me a computer and took it back rigamaroll. I should have built my own, well, I digress.
And after six weeks of sharing a computer with my husband
I find out…..
Dell’s drivers are almost a year old. They haven’t updated most of their hardware drivers since June/July of 2010. I have an updated system that uses really old drivers. (I still don’t think MS has improved their driver updates).

What do I do.. break my warranty by installing ‘maker’ updated drivers or turn off UAC? Is MS going to pay me for a new Monitor or graphics card? I have a dedicated graphics card too.. not integrated, which doesn’t matter anyway. Dell doesn’t have the updated driver for integrated graphics either!

The only reason MS says Vista and Windows 7 is more secure is mostly because of the UAC. So, if you turn it off or disable some of it’s power.. you’re less secure. And I think most people are being over concerned. You got your antivirus program, your multiple malware/spyware scanning programs, rootkit scanning prgram..etc etc.. what else do you need? You spend all your time on scanning your hard drive. good grief. Get a life.

Because someone thinks everybody should do as everyone else does… doesn’t mean they HAVE to. I’m going to get hate mail aren’t I?

This is not controversial , this is very wrong. I only want to stop blackening the screen. if I watch TV or play game, this notification causes delays and cuts TV for moments. I don’t want to reduce security. just the blackening. at least stop from blackening both displays.

By the way, the PromptOnSecureDesktop was already there on my computer. I am using Windows Vista Home Premium 64-bit with SP1 and SP2. If that has anything to do with it. Because I just checked and it seems that the Secure Desktop feature defaults back to being enabled if the PromptOnSecureDesktop value is removed.

So it appears that the PromptOnSecureDesktop value is really only needed when you want to disable Secure Desktop, for enabling it you can just delete this value. But like I said, on my computer it was there from the beginning, why I don’t like having it removed by the REG file.

I would still suggest editing the REG file. It doesn’t hurt to have the PromptOnSecureDesktop value, even for enabling the Secure Desktop.

Wow, I never thought this subject was so controversial. Personally I figured out on my own how to stop the irritating desktop dimming, but never would have guessed there would be people who insist I should leave it on. I agree with what other posters have said; if you’re an intelligent user who monitors your own files, runs scans and uses protection against viruses and malware and is just generally well informed about what’s going on inside your computer at any given time, I don’t see what the problem is. Is it worth enduring the constant annoyance just for a security issue that you should already be monitoring yourself on a higher level (i.e. by avoiding getting malware in the first place)? I certainly don’t think so.

QFE: “Those who have the power and the confidence: Save a mouse, turn off UAC”

Yes! exactly what I wanted. Geez, M$ has no sense on style. I mean that in a big way.
Yes, please prompt me but don’t turn off my monitor in the process of telling me something important that’s just anoooying. no, let me restate that “it’s fricking VERRRRRRRRRRRRRY irritating”. No style.

Why not make the message box modal and have it do a little dance to get my attention. At least that would be a little cool. Oh but Noooo, we are going to turn off your monitor and hope that you energy effecient setting don’t kick in so that you can’t read the fricking message in first place. I’m just glad M$ does not make a clothing line. We would all look like devo or something totaly stupid.